Apple Blows Up The Concept Of A Privacy Policy

0

Three years ago, a common human being interested in the privacy policy of a gadget or service it was using was a rare bird. With the revelation that a large amount of the communications and private data of both foreign nationals and native residents of the U.S. were being collected and scrutinized by the government, all of that prototypical fine print came home to roost.

Since then, privacy has become a war cry among tech companies, and none so vociferously as Apple. It has amplified a well-aligned stance on user data being owned by the user to global proportions, taking a very public stance whenever possible. And that continues today.

Here’s the gist of the news: Apple is updating its privacy site with new information about iOS 9 and the latest version of OS X. It’s also expanding the page with additional sections and information about a wide array of Apple services and features provided to users.

The page deals with privacy in products and features like iOS 9’s News app, the native deep linking utility to let iOS and developers direct users to specific information and features inside apps and Apple’s new Spotlight Suggestions. The News app is anonymized just like other personally identifiable information, for instance. And Apple’s Proactive Assistant processes data on the device, rather than in the cloud — a challenging design decision we’ve discussed before.

Health and fitness data is isolated on the device with an encryption key generated based on your passcode. This type of personalized encryption makes it even more difficult for anyone, including Apple, to ever see data you don’t want them to. This passcode key encryption is used throughout Apple’s products now. Content blockers (the thing my industry loves to talk about), which prevent you from being tracked across websites by ads, are also covered.

Here’s a tidbit with regards to Apple Maps. When you query Maps for a trip, Apple generates a generic device identifier and pulls the info using that, rather than an Apple ID. Halfway through your trip, it generates another random ID and associates the second half with that. Then, for good measure, it truncates the trip data so the information about exact origin and destination are not kept. That data is retained for 2 years to improve Maps and then deleted.

There is also a new iOS 9.0 Security white paper which details, over 60 pages, the various techniques Apple uses to secure its mobile OS. This is not new, but the updated version also covers new iOS features and functions. Apple’s encryption methodology is described in detail, as is the way that it prevents unauthorized keychain access and how it secures apps. Much of this information is even more poignant given the recent debacle with apps compiled by a corrupted bootleg of its Xcode development tool.

This is good reading for any security wonk. But what if you aren’t?

Blowing Up The Privacy Policy

Privacy is something everyone should care about. But studies continue to indicate that people either aren’t aware of what they’re giving up, or they don’t understand the implications.

Part of the reason for this is that the privacy policies of most major corporations (Apple included) are written by lawyers, not by someone whose purpose it is to make the companies’ policies actually clear to end users. The reasons for that are many fold, but you can probably suss out the most likely; first, companies like to cover their asses in case of privacy breaches. Second, if you actually saw the privacy policies of most companies laid out in plain verbiage you would want to crawl into a cave.

Apple is blowing that up a bit today by expanding on its privacy page and presenting its policies in clear language, with extensive supporting data. Whether it’s government information requests (94 percent of that is trying to find stolen iPhones, and only 6 percent is law enforcement seeking personal information) or how consumer-facing features like iMessage, Apple Pay, Health and HomeKit are set up to protect user information; the sense is one of confidence in its stance.

Please do not confuse this with me saying that Apple shouldn’t have to continue to answer questions on user privacy — nearly all major tech corporations are money-making enterprises and should be viewed with healthy skepticism. But in his letter when the site launched last year, CEO Tim Cook said that Apple would regularly update and expand the site, and it now has.

If you click your way through it, you’re going to see a product that looks a lot like the pages that are attempting to sell you iPhones. There is a section that explains Apple’s philosophy; one that tells users in practical terms how to take advantage of Apple’s privacy-and security-related features; an entire section on government information requests; and, finally, its actual privacy policy.

The ‘manage your privacy’ section in particular provides clear explanations of what to do to improve your security and why you’d want to do it.

This is the template for all other tech companies when it comes to informing users about their privacy. Not a page of dense jargon, and not a page of cutesy simplified language that doesn’t actually communicate the nuance of the thing. Instead, it’s a true product. A product whose aims are to inform and educate, just as Apple says its other products do.

Apple has been at the forefront of using privacy as a sales tool, but it won’t be the last. Encrypted phones, messaging apps that secure and delete conversations — nearly every major Internet service we use has been re-tooled in some way in response to what we know about how much everyone else knows. It only makes sense that the moribund privacy policy should get a makeover, as well.